Join Log in
Score:0
philburns avatar Server

Apache2 returns 403 for static file request on root

mx flag
philburns

On my new Apache/2.4.52 (Ubuntu) Server installation, the SSL configuration in general runs well, having Tomcat apps proxied and working.

Still, the static file configuration for root does not work. My config is like this:

<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName my.wonderful.server
    DocumentRoot "/srv/www/htdocs/ssl/"

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    SSLCertificateFile /path/to/my_wonderful_server.pem
    SSLCertificateKeyFile /etc/apache2/ssl.crt/my_wonderful_server-key.no_enc.pem
    SSLCertificateChainFile /etc/apache2/ssl.crt/chain.txt

    # app 1 proxy to tomcat
    ProxyPass           /appa           http://localhost:8080/appa
    ProxyPassReverse    /appa           http://localhost:8080/appa

    # app 2 proxy to tomcat
    ProxyPass           /appb           http://localhost:8080/appb
    ProxyPassReverse    /appb           http://localhost:8080/appb

    ErrorDocument 503 '<head><meta charset="UTF-8"/><title>Warning</title><style>body { height: 100%; padding: 150px; text-align: center; background-color: #f4f8f9; } h1 { font-size: 50px; } body { font: 20px Helvetica, sans-serif; color: #333; } article { width: 650px; margin: 0 auto; display: block; text-align: left; } a { color: #dc8100; text-decoration: none; } a:hover { color: #004678; text-decoration: none; }</style></head><body><article>Server Maintenance</article></body>'

    ErrorLog /var/log/apache2/mywonderfulserver-error.log
    LogLevel warn
    CustomLog /var/log/apache2/mywonderfulserver-access.log combined

</VirtualHost>

The server is listening: netstat -tulpn | grep 443 gives:

tcp6       0      0 :::443                  :::*                    LISTEN      172209/apache2

There is an index.html file in the document root under /srv/www/htdocs/ssl/index.html

This is my first installation with Apache 2.4. So I might still have to enable some module? What am I missing?

46
1 + 0
Score:0
avatar Server
in flag
Lacek

The default behavior of Apache is to deny everything, so you need to give access to the directories you want to use. There are a few exceptions which differ between distributions, but the rule of thumb is that you need to set up permissions by hand.

So, at a minimum, you need to add a block like this:

<Directory /srv/www/htdocs/ssl>
    Require all granted
</Directory>

If you plan to have more directories in /srv/www/htdocs, then it is better to give the grant to that directory (subdirectories will inherit the grant). Also, it is important that the webserver's user (which is www-data on Debian-based systems and apache on Redhat-based systems) needs to have access to the directory on the filesystem.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.